Hajime – the "vigilante" IoT worm that blocks rival botnets – has built up a network of around 300,000 compromised devices, according to new figures from Kaspersky Lab.
The steadily spreading Hajime IoT worm fights the Mirai botnet for control of easy-to-hack IoT products. The malware is billed as a vigilante- …

COMMENTS

Hajime discovers devices on TCP port 23

"A Hajime infection begins when a node already in the Hajime network–scanning random IPv4 addresses on the public internet–discovers a device which accepts connections on TCP port 23, the designated port for the Telnet service"

No one in their right mind has telnet with default passwords running on a device connected to the Internet.
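The infection start quoted above has a defender-side corollary: once a device on your own network is infected, it becomes the node "scanning random IPv4 addresses" for TCP/23, and that is visible in outbound flow logs even when the device itself has no logging at all. The following is an added example for this thread, not code from the article, Kaspersky Lab or the Hajime author. It assumes a simple constructed flow-record format (timestamp, source, destination, protocol, destination port, TCP flags) and flags any source that opens Telnet connections to many distinct non-RFC1918 addresses within a short window; the sample records are made up and use documentation address ranges.

```python
"""Flag hosts showing Hajime/Mirai-style Telnet scanning (many distinct
destinations on TCP/23) in flow logs.

Added example for this thread, not code from Kaspersky, Symantec or the
Hajime author. The record format is an assumption:
<unix_ts> <src_ip> <dst_ip> <proto> <dport> <tcp_flags>
"""
from collections import defaultdict
import ipaddress

TELNET_PORT = 23

# RFC1918/loopback/link-local ranges to ignore: a Telnet session to the
# LAN router is not worm scanning. (Kept explicit rather than using
# ipaddress.is_global, which also excludes the documentation ranges used
# in the constructed sample below.)
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]

# Constructed sample flow records (not real captures). 192.168.1.23 fans
# out to ten public hosts on port 23 in five seconds; the other two sources
# are benign.
SAMPLE_FLOWS = """\
1492000001 192.168.1.23 203.0.113.7 tcp 23 SYN
1492000001 192.168.1.23 198.51.100.44 tcp 23 SYN
1492000002 192.168.1.23 192.0.2.9 tcp 23 SYN
1492000002 192.168.1.23 203.0.113.200 tcp 23 SYN
1492000003 192.168.1.23 198.51.100.17 tcp 23 SYN
1492000003 192.168.1.23 192.0.2.77 tcp 23 SYN
1492000004 192.168.1.23 203.0.113.31 tcp 23 SYN
1492000004 192.168.1.23 198.51.100.90 tcp 23 SYN
1492000005 192.168.1.23 192.0.2.150 tcp 23 SYN
1492000005 192.168.1.23 203.0.113.99 tcp 23 SYN
1492000006 192.168.1.10 203.0.113.5 tcp 443 SYN
1492000006 192.168.1.10 198.51.100.8 tcp 443 SYN
1492000007 192.168.1.10 192.0.2.30 tcp 80 SYN
1492000008 192.168.1.50 192.168.1.1 tcp 23 SYN
1492000009 192.168.1.50 192.168.1.2 tcp 23 SYN
"""


def is_local(ip):
    """True for addresses inside the LAN/loopback/link-local ranges above."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in LOCAL_NETS)


def parse_flow(line):
    """Parse one assumed-format flow record into a dict."""
    ts, src, dst, proto, dport, flags = line.split()
    return {"ts": int(ts), "src": src, "dst": dst,
            "proto": proto, "dport": int(dport), "flags": flags}


def telnet_scanners(log_text, min_targets=8, window=60):
    """Return {src_ip: distinct_targets} for every source that attempted
    TCP/23 connections to at least `min_targets` distinct non-local
    addresses within any `window`-second span."""
    attempts = defaultdict(list)          # src -> [(ts, dst), ...]
    for line in log_text.splitlines():
        if not line.strip():
            continue
        f = parse_flow(line)
        if f["proto"] != "tcp" or f["dport"] != TELNET_PORT:
            continue
        if is_local(f["dst"]):
            continue
        attempts[f["src"]].append((f["ts"], f["dst"]))

    hits = {}
    for src, events in attempts.items():
        events.sort()
        best, start = 0, 0
        for end in range(len(events)):
            # slide the window start forward until it fits within `window`
            while events[end][0] - events[start][0] > window:
                start += 1
            distinct = len({dst for _, dst in events[start:end + 1]})
            best = max(best, distinct)
        if best >= min_targets:
            hits[src] = best
    return hits


if __name__ == "__main__":
    for src, n in sorted(telnet_scanners(SAMPLE_FLOWS).items()):
        print(f"{src}: {n} distinct public Telnet targets within 60s")
```

The threshold is deliberately about fan-out (distinct destinations) rather than volume, because a single legitimate Telnet session to one remote host generates many packets but only one destination; a worm scanning random IPv4 space produces the opposite shape. Feed it real flow exports by adapting `parse_flow` to your collector's format.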

Re: Hajime discovers devices on TCP port 23

No one in their right mind has telnet with default passwords running on a device connected to the Internet.

That's because you're thinking sysadmin, software, or just old fashioned sensible.

Stop all that, and think manufacturing. No such thing as pentesting, no such thing as UAT, just a simple test for readiness to ship: Was it cheap to build, and does the f***er basically work? Now think Shenzhen no-brand IoT manufacturer, working in a market where consumer protection is merely an alien concept....and there you have the origins of IoT.

Re: Hajime discovers devices on TCP port 23

Add to that that regular Joe has no clue how his computer works, uses it to only browse, where all his interaction with his computer happens, and thinks tech support is best done by PcWorld (for the UK).

Consumers are going to be their own biggest nightmare, as they gradually lose control and make it even more impossible for themselves (collectively) to keep data safe.

Re: Hajime discovers devices on TCP port 23

There's a certain percentage of regular Joes that believe their web browser is "Windows" and that the screen is the computer. They have more network bandwidth available than they'll ever use, and will in all likelihood, never notice that their fridge, TV and microwave all moonlight as minions of a botnet herder, regardless of hat colour or orientation.

Educating the masses isn't even really a viable answer, because there are too many out there who convert information to white noise on the basis that they "can't possibly understand this technology", so they refuse to even try.

The coup de grâce arrives via the medium where a branded offering with all the appropriate security built in is invariably more expensive than the cheap 'n cheerful version that can be hacked with an Etch A Sketch. This results in good old Joe buying the one that makes his wallet cry less, and leaves the door wide open to exploitation.

Perhaps there's a way to resolve the issue with the power of those of us working in the world of IT, by making Telnet/SSH access through commercial ISPs an optional extra (perhaps even for a token fee). This way, only people who both know what SSH is, as well as knowing the risks they're taking will buy it, and it might force manufacturers to use other ports for their IoT devices to phone home. At the very least, it will remove remote admin access as a potential attack vector.

Re: Hajime discovers devices on TCP port 23

Somebody redefined malware...

"Hi, I'm a white hat, and I'm securing your system, whether you like it or not." So is it malware if it doesn't do anything malicious?

I wonder if the author is someone who got bit by the other botnets, and decided that they'd simply go and make life easy for themselves, by taking away all those lovely toys others have left lying about. Hajime seems careful about what it infects, so the author is trying to avoid extremely serious shit storms if someone successfully traces out the source.

Re: Somebody redefined malware...

This looks like the "beginning," or a turn of the tides, where white hat hackers are going to start being proactive about security on openly available systems that are not secure. Think of it as the white hat taking the lead away from the black hat, if you're into that metaphor. The author of Hajime is merely stating: "I have out-coded the authors of Mirai in my spare time, in fact I'm wiping out their bots and shutting down the ports for nothing. It costs me nothing to shut down their money making, and/or DDoS, operation." If no one is going to secure their device, who better to reach it first and fix it for them? Could this be taken over in turn? Possibly. But again, this is a team or an individual with more skills than the author of Mirai, and they are shutting them down, just for fun. Hack a hacker, if they can't take a hack.

The criminal hackers are not all that clever. They break this or that, but in the end they produce zero value, and can't even participate in providing zero-day defects to the hardware/software vendors because of the reasons stated above; they are typically not that good at what they do, they copy the methods from better programmers/hackers and just spread that. No original thought. People with real skills build things of value and make money off of that in the real world, and in their spare time screw over idiots like the Mirai bot kids, or whatever they want to call themselves. People with real skills set up their own security firms or make lots of money cleaning up enterprises. Or maybe their government pays them handsomely, or keeps them from prison, to join the local cyberarmy. Nation-state hacking teams: probably something to avoid and be wary of. Individual hackers? Not so much. Look at the "crack hacker team" that made light of TalkTalk. It was a couple of kids doing SQL injections. Hiring a couple of kids to secure TalkTalk from the inside would have been a safe bet, but dumb CEOs can't think out of the box like I just did. That's why they got hacked again, and again. It's not over. It's just the beginning.

MYSTERIOUS PURPOSES!!111

How about giving France to Putin by tipping the balance of the presidential elections in favor of #ourgal?

"Journalists" are sure to be able to find the connection before the next web edition goes up, if need be by making random shit up, citing anonymous sources from the ever-vigilant but reluctant bulwark against Slavic incursions, the GCHQ.

A CROWNING MOMENT of AWESOME!

The 'white hat' (actually GREY hat) infection of vulnerable (and possibly, infected) devices for the purpose of shutting down Mirai is, in my view, a CROWNING MOMENT of AWESOME!

OK it could have been used for bad things, but it wasn't. It should still frighten people, because its potential use for evil still exists. Some brilliant grey-hat hacker did something "BAD" for a GOOD CAUSE, the kind of thing that makes for LEGENDARY ANTI-HERO status.

Assuming that the author is 'chaotic good' and not 'chaotic evil', that is.